Source: mariadb-10.2
Version: 10.2.7-1
Severity: grave
Tags: security upstream

Hi,

the following vulnerabilities were published for mariadb-10.2, these are fixed in 10.2.10.

CVE-2017-10378[0]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: Server: Optimizer). Supported versions that are
| affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.11 and
| earlier. Easily exploitable vulnerability allows low privileged
| attacker with network access via multiple protocols to compromise
| MySQL Server. Successful attacks of this vulnerability can result in
| unauthorized ability to cause a hang or frequently repeatable crash
| (complete DOS) of MySQL Server. CVSS 3.0 Base Score 6.5 (Availability
| impacts). CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H).

CVE-2017-10268[1]:
| Vulnerability in the MySQL Server component of Oracle MySQL
| (subcomponent: Server: Replication). Supported versions that are
| affected are 5.5.57 and earlier, 5.6.37 and earlier and 5.7.19 and
| earlier. Difficult to exploit vulnerability allows high privileged
| attacker with logon to the infrastructure where MySQL Server executes
| to compromise MySQL Server. Successful attacks of this vulnerability
| can result in unauthorized access to critical data or complete access
| to all MySQL Server accessible data. CVSS 3.0 Base Score 4.1
| (Confidentiality impacts). CVSS Vector:
| (CVSS:3.0/AV:L/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N).

CVE-2017-15365[2]:
Replication in sql/event_data_objects.cc occurs before ACL checks

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-10378
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10378
[1] https://security-tracker.debian.org/tracker/CVE-2017-10268
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-10268
[2] https://security-tracker.debian.org/tracker/CVE-2017-15365
    https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-15365

Regards,
Salvatore